<%@ page language="java" import="java.sql.*"%>

<html>
   <title>Manager Account </title>
<body>

   <center>
 <p><font color="#0080FF" size="25">Account Information</font></p>

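<%!
    /*
     * HTML-escapes a value before it is written into element content or a quoted
     * attribute. Every database column and request parameter rendered by this
     * page goes through here, because a stored name or a crafted "id" parameter
     * containing markup would otherwise be interpreted by the browser.
     * A null value renders as an empty string.
     */
    private static String esc(Object value) {
        if (value == null) {
            return "";
        }
        String text = String.valueOf(value);
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /* Opening tag and header row of a screen table; the last column is named after the row action. */
    private static String screenTableHeader(String actionLabel) {
        return "<TABLE border=1><tr><th>Id</th><th>Domain_name</th><th>Location</th>"
                + "<th>Current Presentations</th><th>Os Type</th><th>" + esc(actionLabel) + "</th></tr>";
    }

    /*
     * Renders the current row of a screen result set, ending with a one-button
     * form that posts user_id and screen_id to the given handler page.
     * Columns are read by position (1, 2, 3, 4, 7) exactly as the queries return them.
     */
    private static String screenRow(ResultSet row, String userId, String action, String actionLabel)
            throws SQLException {
        int screenId = row.getInt(1);
        return "<tr><th>" + screenId
                + "</th><th>" + esc(row.getString(2))
                + "</th><th>" + esc(row.getString(3))
                + "</th><th>" + row.getInt(4)
                + "</th><th>" + esc(row.getString(7))
                + "</th><th><form method=\"POST\" action=\"" + esc(action) + "\">"
                + "<input type=\"hidden\" name=\"user_id\" value=\"" + esc(userId) + "\">"
                + "<input type=\"hidden\" name=\"screen_id\" value=\"" + screenId + "\">"
                + "<input type=\"submit\" value=\"" + esc(actionLabel) + "\"></form></th></tr>";
    }

    /* Best-effort close helpers: a failure while releasing a resource must not hide the page's real outcome. */
    private static void closeQuietly(ResultSet rs) {
        if (rs != null) {
            try { rs.close(); } catch (SQLException ignored) { /* nothing useful to do on close failure */ }
        }
    }

    private static void closeQuietly(Statement st) {
        if (st != null) {
            try { st.close(); } catch (SQLException ignored) { /* nothing useful to do on close failure */ }
        }
    }

    private static void closeQuietly(Connection c) {
        if (c != null) {
            try { c.close(); } catch (SQLException ignored) { /* nothing useful to do on close failure */ }
        }
    }
%>
<%
    /*
     * Account page.
     *  - Administrators see the account selected by the "id" request parameter,
     *    plus the screens owned by that user and the list of all screens.
     *  - Any other logged-in user sees only the account matching the username and
     *    password held in the session.
     * All SQL is parameterized and all rendered values are HTML-escaped.
     *
     * NOTE(review): none of the forms on this page carries an anti-CSRF token, and
     * the admin form sends the target username in a hidden field. The handler pages
     * (manage_account_exec.jsp, user_screen_delete.jsp, user_screen_add.jsp) are not
     * shown here; confirm that they re-check the session's user_level themselves.
     */
    Connection con = null;
    PreparedStatement ps = null;
    ResultSet rs = null;

    try
    {
        // equals() instead of ==: == compares object references, so the check only
        // passed when the attribute happened to be the same interned String instance.
        if ("true".equals(session.getAttribute("logged_in")))
        {
            Class.forName("com.mysql.jdbc.Driver");

            // NOTE(review): the database password is embedded in this URL and therefore
            // in every copy of the source. Move it to a container-managed DataSource
            // (JNDI) or external configuration, and rotate this credential.
            String url = "jdbc:mysql://ecstiger.cs.andrews.edu/d562_2010_01?user=u562_2010_01&password=YPJ8f4We";
            con = DriverManager.getConnection(url);

            if ("administrator".equals(session.getAttribute("user_level")))
            {
                // Untrusted input: only ever passed as a bind parameter or through esc().
                String requestedId = request.getParameter("id");

                // Bound as a string, matching the quoted literal the query used before.
                // If user.id is numeric, switch to setInt once the column type is confirmed.
                ps = con.prepareStatement("SELECT * FROM user WHERE user.id = ?");
                ps.setString(1, requestedId);
                rs = ps.executeQuery();

                if (!rs.next())
                {
                    out.println("Account not found");
                }
                else
                {
                    // Copy the row into locals so the cursor can be released before rendering.
                    String accountId = rs.getString(1);
                    String displayName = rs.getString(2);
                    String accountUser = rs.getString(3);
                    closeQuietly(rs);
                    rs = null;
                    closeQuietly(ps);
                    ps = null;
%>
                <br>Id: <label><%= esc(accountId) %></label>
                <br>User Name: <label><%= esc(accountUser) %></label>
                <p><form method="POST" action="manage_account_exec.jsp">
                    <input type="hidden" name="username" value="<%= esc(accountUser) %>"/>
                    Name:
                    <input type="text" name="name" value="<%= esc(displayName) %>"/>
                    <br/>
                    <p>
                    Old Password:
                    <input type="password" name="oldpassword" />
                    <br/>
                    New Password:
                    <input type="password" name="newpassword" />
                    <br/></p>
                    <input type="submit" value="Update" />
                </form>
                <h2>User's Screens</h2>
<%
                    // Screens owned by the selected user.
                    ps = con.prepareStatement(
                            "SELECT * FROM screen, screen_owners, user"
                            + " WHERE screen.id = screen_owners.screen_id"
                            + " AND screen_owners.user_id = user.id AND user.id = ?");
                    ps.setString(1, requestedId);
                    rs = ps.executeQuery();

                    out.println(screenTableHeader("Delete"));
                    while (rs.next())
                    {
                        out.println(screenRow(rs, requestedId, "user_screen_delete.jsp", "Delete"));
                    }
                    out.println("</TABLE>");
                    closeQuietly(rs);
                    rs = null;
                    closeQuietly(ps);
                    ps = null;

                    out.println("<br><h2>All Screens Available</h2>");

                    // Every screen, each with a button to assign it to the selected user.
                    ps = con.prepareStatement("SELECT * FROM screen");
                    rs = ps.executeQuery();

                    out.println(screenTableHeader("Add"));
                    while (rs.next())
                    {
                        out.println(screenRow(rs, requestedId, "user_screen_add.jsp", "Add"));
                    }
                    out.println("</TABLE>");
                }
            }
            else
            {
                // NOTE(review): this lookup compares the session-held password directly with
                // the password column, which suggests passwords are stored and kept in the
                // session as plaintext. Confirm, then move to a salted password hash
                // (bcrypt/scrypt/argon2) and key this lookup on the user id only.
                Object sessionUser = session.getAttribute("username");
                Object sessionPassword = session.getAttribute("password");

                ps = con.prepareStatement("SELECT * FROM user WHERE username = ? AND password = ?");
                ps.setString(1, sessionUser == null ? null : sessionUser.toString());
                ps.setString(2, sessionPassword == null ? null : sessionPassword.toString());
                rs = ps.executeQuery();

                if (!rs.next())
                {
                    out.println("Account not found");
                }
                else
                {
                    String accountId = rs.getString(1);
                    String displayName = rs.getString(2);
                    String accountUser = rs.getString(3);
%>
                <br>Id: <label><%= esc(accountId) %></label>
                <br>User Name: <label><%= esc(accountUser) %></label>
                <p><form method="POST" action="manage_account_exec.jsp">
                    Name:
                    <input type="text" name="name" value="<%= esc(displayName) %>"/>
                    <br />
                    <p>
                    Old Password:
                    <input type="password" name="oldpassword" />
                    <br />
                    New Password:
                    <input type="password" name="newpassword" />
                    <br /></p>
                    <input type="submit" value="Update" />
                </form>
<%
                }
            }
        }
        else
        {
            out.println("Not Logged In");
        }
    }
    catch (Exception e)
    {
        // Keep the detail in the server log; printing the exception to the response
        // exposed driver and SQL error text to whoever triggered the failure.
        application.log("Account page failed", e);
        out.println("Unable to load account information.");
    }
    finally
    {
        // Runs on every path, so cursors, statements and the connection are
        // released even when a query or the rendering fails part-way.
        closeQuietly(rs);
        closeQuietly(ps);
        closeQuietly(con);
    }
%>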
 </center>

</body>
</html>





